1. Field of the Invention
The present invention relates generally to computer networks, and more particularly, to techniques for improving the resilience of content distribution networks to distributed denial of service attacks.
2. Background of the Invention
The problem of detecting and thwarting distributed denial of service (DDoS) attacks against Internet servers has recently drawn considerable interest, both from the networking research community and among new companies established primarily to combat these types of attacks. These attacks typically flood a network or server with bogus request packets, rendering it unavailable to handle legitimate requests. At a time when performance and availability are key differentiators among Internet services, such downtime results in substantial financial loss. Despite increased awareness of security issues, denial of service attacks continue to be an important problem. According to a recent Computer Security Institute survey, for example, the number of respondents indicating that their site had been the victim of a DoS attack (e.g., a TCP SYN flood) rose from 27% in 2000 to 38% in 2001.
Most of the work on countering DDoS attacks to date has focused on attacks that target a single centralized server location or Web site, where the attackers can overrun bandwidth and server resources with relative ease. In today's Internet architecture, however, many high-volume sites are distributed, either replicating content in several data centers or distributing content through a content distribution service provider (CDSP). For example, among the top 20 most highly trafficked sites on the Internet as reported by Media Metrix, at least 15 use a CDSP such as Akamai, Digital Island, or Speedera. It is also evident that high-volume sites are likely targets of DDoS attacks. In February 2000, for example, a spate of sophisticated DDoS attacks brought down several high-profile sites including Yahoo, Ebay, Amazon.com, CNN, and Buy.com, most of which currently employ a CDSP to distribute content.
In addition to promising better performance, CDSPs often claim that they can offer increased resilience to DDoS attacks. While content distribution networks (CDNs) do provide some protection from DDoS attacks by their inherently distributed nature, their shared server infrastructure can also be a weakness. An attack on a single CDN-hosted Web site can saturate the servers that host it, and because those same servers also host other customers, the attack can affect many (or all) of the customer sites hosted by the CDSP. Without a careful site allocation strategy, the redundancy and replication provided by the CDN offer limited protection for the hosted customers as a whole.
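The following toy model is an added illustration of the shared-infrastructure weakness described above; it is not code from the patent, and the patent does not describe any particular allocation scheme at this point. It assumes a simplified attack model in which flooding a site saturates every CDN server that hosts that site, so any other site whose replicas all sit on those servers is knocked out as well. The function names (`full_replication`, `spread_allocation`, `attack_impact`, `worst_case_collateral`) and the site/server labels are hypothetical and constructed for the example.

```python
"""Toy model: collateral damage from a DDoS attack on one CDN-hosted site.

Added example, not part of the patent text. Assumed attack model: flooding
a target site saturates every server hosting that site, and any other site
whose replicas all live on those saturated servers becomes unavailable.
Capacity, DNS redirection and partial degradation are deliberately ignored.
"""
from itertools import combinations


def full_replication(sites, servers):
    """Naive allocation: every site is replicated on every server.

    This is the allocation that maximises redundancy for each site in
    isolation, but it also means every site shares every server.
    """
    return {site: frozenset(servers) for site in sites}


def spread_allocation(sites, servers, k):
    """Spread allocation (hypothetical): each site is hosted on exactly k
    servers, with sites assigned to distinct k-subsets of the server pool
    for as long as distinct subsets are available, then reused round-robin.
    """
    subsets = [frozenset(c) for c in combinations(servers, k)]
    return {site: subsets[i % len(subsets)] for i, site in enumerate(sites)}


def attack_impact(allocation, target):
    """Servers hosting `target` are assumed saturated by the attack.

    Returns the set of sites (including `target`) that have no surviving
    server, i.e. all of whose replicas are on saturated servers.
    """
    saturated = allocation[target]
    return {site for site, hosts in allocation.items() if hosts <= saturated}


def worst_case_collateral(allocation):
    """Largest number of *other* sites taken down by an attack on any one site."""
    return max(len(attack_impact(allocation, t)) - 1 for t in allocation)


if __name__ == "__main__":
    # Constructed sample: 10 customer sites on a 6-server CDN.
    sites = [f"site{i}" for i in range(10)]
    servers = [f"srv{i}" for i in range(6)]

    naive = full_replication(sites, servers)
    spread = spread_allocation(sites, servers, k=2)

    print("full replication, worst-case collateral:", worst_case_collateral(naive))
    print("spread (k=2),     worst-case collateral:", worst_case_collateral(spread))
    # With 20 sites the 15 distinct pairs run out and some pairs are reused,
    # so an attack on one site can take down one unrelated site.
    crowded = spread_allocation([f"site{i}" for i in range(20)], servers, k=2)
    print("spread (k=2, 20 sites), worst-case collateral:",
          worst_case_collateral(crowded))
```

Under full replication an attack on any one of the 10 sites takes all 9 others down with it, because every site shares every server. With each site spread over only two of the six servers, no single attack knocks out another site until the supply of distinct server pairs is exhausted, at which point collateral damage reappears (one extra site in the 20-site case). The model overstates what the spread allocation buys in practice, since servers shared with the target still lose capacity even when a site keeps a surviving replica, but it makes the point of the paragraph concrete: the redundancy a CDN provides protects its customers collectively only if the allocation of sites to servers is chosen with attacks in mind.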